fix(command_parser): handle negated_command as a transparent container

[fohte]

Why

• Commands containing the shell negation operator ! were not evaluated correctly, causing commands that should be allowed to return ask instead
  • e.g., if ! grep -q test /dev/null; then echo no; fi did not match the grep rule

What

• negated_command is now handled as a transparent container, allowing inner commands to be correctly extracted and evaluated
  • tree-sitter-bash parses ! cmd as a negated_command node, but collect_commands() did not handle this node type

Before:

$ runok check --verbose -- 'if ! grep -q test /dev/null; then echo no; fi'
[verbose] Evaluating command: "if ! grep -q test /dev/null; then echo no; fi"
[verbose] Compound command detected (2 sub-commands)
[verbose]   sub-command 1: "! grep -q test /dev/null"
[verbose]   sub-command 2: "echo no"
[verbose] No rules matched
[verbose]   sub-command "! grep -q test /dev/null": Ask(None)
[verbose] Rule matched: allow 'echo *' (matched tokens: ["no"])
[verbose]   sub-command "echo no": Allow
[verbose] Compound evaluation result: Ask(None)
ask

After:

[verbose] Evaluating command: "if ! grep -q test /dev/null; then echo no; fi"
[verbose] Compound command detected (2 sub-commands)
[verbose]   sub-command 1: "grep -q test /dev/null"
[verbose]   sub-command 2: "echo no"
[verbose] Rule matched: allow 'grep *' (matched tokens: ["-q", "test", "/dev/null"])
[verbose]   sub-command "grep -q test /dev/null": Allow
[verbose] Rule matched: allow 'echo *' (matched tokens: ["no"])
[verbose]   sub-command "echo no": Allow
[verbose] Compound evaluation result: Allow
allow

---

[gemini-code-assist]

Code Review

This pull request fixes an issue where negated shell commands (e.g., ! grep) were not being parsed correctly, causing them to fail rule matching. The negated_command node is now handled as a transparent container in the command parser, allowing the inner command to be evaluated. The changes include documentation updates and new test cases in both unit and integration tests. A review comment suggests adding a test case for negated pipelines within subshells to ensure robust handling of nested command structures.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.50%. Comparing base (8a51b4c) to head (b63ffc3).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #266   +/-   ##
=======================================
  Coverage   89.50%   89.50%           
=======================================
  Files          52       52           
  Lines       10730    10731    +1     
=======================================
+ Hits         9604     9605    +1     
  Misses       1126     1126           

Flag	Coverage Δ
Linux	89.30% <100.00%> (+0.01%)	⬆️
macOS	90.85% <100.00%> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.